Accepting security changes - old habits die hard

Hello,
This may be only me, but I was thinking.
It seems to me that newer anti-whatever applications are being welcomed with far more suspicion than before. The probation period never seems to end and despite (hopefully) earnest efforts, it seems a large number of the newcomers have a hard time proving themselves against the background of a few veterans. One of the most notable exceptions in this case is Ewido.
My question is, is it solely the matter of time that dictates quality? Spybot has been around for several years. Does that mean that today's newcomers will be tomorrow's cream de echelon, in 2008 or so? Or are there other factors that affect the mood?
And how does an average joe judge the situation? How does someone for whom Norton is the holy word of security get the feel of the market?
How does a Wilders' member feel about it?
When you read about a new anti-spyware or something? What is your first reaction? What do you think?
Mrk

I've been studying marketing techniques of the online community recently, and it would seem that blogs and forums like Wilders have an impact on the general trend of what we should get in order to protect ourselves. But I don't have hard facts to prove myself.

But reviews in magazines also play a big role in who gets the attention as a security product.

My question is, is it solely the matter of time that dictates quality?

Time does play a factor on quality in that a mature product will likely have more of the bugs worked out. It also lends the product some additional clout for having survived in the marketplace for a period of time (if it wasn't good, they wouldn't still be in business).
The same way that one would be wise to wait for the release version rather than an alpha or beta version.

That doesn't mean that people should not be open to new products and ideas.
There will always be a better way to build a mouse trap.
You can have mature products that are really bad compared to some of the new innovative products.

So time affects quality somewhat, but it adds to the perception of quality more.

Mrkvonic said:

Spybot has been around for several years. Does that mean that today's newcomers will be tomorrow's cream de echelon, in 2008 or so?

Maybe, if the newcomers can show they have a proven track record and are proven to be better than the old guard.

Mrkvonic said:

Or are there other factors that affect the mood?

Yes, "unbiased" tests, expert opinions (reviews), and all the forms of marketing and advertising.
Brand loyalty and products one is familiar with and trusts have a lot to do with it.

Mrkvonic said:

And how does an average joe judge the situation?

Joe "buys" what he can see, so unfortunately it boils down to Brand A or Brand B which have the best marketing of all the possibilities.
Maybe he reads a review or two from a major computer magazine to get what he thinks is an unbiased opinion.
Maybe it is, maybe it isn't.
He then makes a decision and buys the one that is the most appealing.

Mrkvonic said:

How does someone for whom Norton is the holy word of security get the feel of the market?

Research, research, research. He should read all the reviews he can.
Visit security forums to expand his horizons beyond what is most popular.
Most popular often means best marketed and should not be a guide for a product's quality.
It is possible for a product to be good quality, popular, and well marketed.

Mrkvonic said:

How does a Wilders' member feel about it?

I feel much less like a sheep being herded wherever the marketers point.
I try to research a product as much as possible.
I have found the forums to be helpful here.
My decision making process is influenced somewhat by other people's posts.
Hopefully I will have done enough research to get a good general overview of the product's quality.

Mrkvonic said:

When you read about a new anti-spyware or something? What is your first reaction? What do you think?

My first reaction is...
Why isn't there an independent lab that would have a thorough scientific unbiased test of all the security products?
The companies would pay a yearly fee to be tested twice a year and appear in a commercial security products report that would be published twice a year.
Open source solutions would be tested free of charge only once a year (or every other year) and appear in either an open source security products report once a year or in a comprehensive report containing all products.

I also think...What do other people think about this new product?
Without having the skill, time, or money to scientifically test all the products yourself, there is only so much one can do. You have to depend on others' opinions, be it reviews, reports, or forum threads.

When you read about a new anti-spyware or something? What is your first reaction?

Recently, I've spoken with several System Administrators - one at a college where I taught. I'm interested in their current thinking on the state of security. The media is full of reports about the onslaught of attacks, and that the future looks bleak.

Perhaps surprising to many, these Administrators reported decreases in malware attacks. This is due mainly to ensuring that users follow strict protocols. For example, in the DFK test scenario mentioned in the PG Forum -- where Judy receives an executable email attachment from Carl -- that wouldn't have happened. Carl would know not to send such a thing, and Judy would not be tempted to open it. (another reason below)

So in addition to educating users, what else do they use? Very little. As far as "anti-whatever applications," you might be surprised that these Administrators wouldn't have heard of hardly any of them. "Ewido? Prevx? What are they?"

Two schools use Deep Freeze on all of the workstations, managed/updated campus wide through the Administrator Console. The Enterprise (Institution) Edition sets up a Thawspace (virtual) drive for user files. Deep Freeze is the only security product on the individual workstations. (router is at the server) Some groups of computers have Software Restriction Policies enabled (see SpikeyB's posts about this), which are also protection against Remote Code Execution on the internet. These schools have =zero= malware problems.

The only other protection is at the network server. A second reason the Judy-Carl scenario could not have happened at one school is that all executable attachments are stripped at the server. Other safeguards include the powerful anti-spam filters, and monitoring/logging of the T-3 bandwidth for excessive network traffic. And a few others.

And how does an average joe judge the situation?

One can say perhaps that the situations in these institutions are not relevant for the average joe at home.

But I would argue that they are relevant.

1) Users are users, whether at home/school/work, and can learn to follow good rules for security

2) More ISPs including mine, now strip executables at the server. Recent examples I've received:

(Because of this, I no longer get neat stuff to test via email. Although my ISP would let me look in the Server quarantine box if I wished, but I haven't taken the trouble to do so)

3) Administrators control the installation of programs. None have ever had trojan/spyware/adware attached. Why not? They ensure that the source of the products is reliable. It goes without saying, of course, that web sites offering bogus/pirated/silly freebies software are avoided.

Is this not also possible for the home user? How much misery could be prevented just by observing these simple procedures.

How does a Wilders' member feel about it?
When you read about a new anti-spyware or something? What is your first reaction? What do you think?

I've approached security using the models I've observed at the schools. If they are successful, something must be working.

As such, I've found that I don't need a lot of products, so I admit ignorance to most of the stuff to which you refer, since I don't keep up with them.

Using this approach, I've had success with the home systems I helped set up for others. Malware certainly has become more sophisticated, but the methods employed haven't changed much: somehow, it has to get installed and run an executable.
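
Added example, not part of the original posts: a minimal sketch of the "executable attachments are stripped at the server" control described above, applied to a constructed Carl-to-Judy message. The extension blocklist, the `X-Attachments-Stripped` header name and the addresses are assumptions for illustration, not details from the thread.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist; a real gateway's list is site policy.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")

def is_executable(part):
    """Flag a leaf MIME part by final extension or by the PE 'MZ' magic bytes."""
    # Trailing dots/spaces are ignored by Windows, so drop them before matching.
    name = (part.get_filename() or "").lower().rstrip(" .")
    if name.endswith(BLOCKED_EXT):          # also catches "photo.jpg.exe"
        return True
    payload = part.get_payload(decode=True) or b""
    return payload[:2] == b"MZ"             # renamed executable, e.g. "pic.jpg"

def strip_executables(raw):
    """Return (cleaned message bytes, list of removed attachment names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []

    def walk(container):
        kept = []
        for part in container.get_payload():
            if part.is_multipart():
                walk(part)                   # nested multiparts, forwarded mail
                kept.append(part)
            elif is_executable(part):
                removed.append(part.get_filename() or "(unnamed)")
            else:
                kept.append(part)
        container.set_payload(kept)

    if msg.is_multipart():
        walk(msg)
    if removed:
        # Tell the recipient something was taken out (assumed header name).
        msg["X-Attachments-Stripped"] = ", ".join(removed)
    return msg.as_bytes(), removed

def sample_message():
    """Constructed sample: a note, a disguised executable and a harmless PDF."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "carl@example.org", "judy@example.org", "photos"
    m.set_content("See attached.")
    m.add_attachment(b"MZ\x90\x00fake", maintype="application",
                     subtype="octet-stream", filename="holiday.jpg.exe")
    m.add_attachment(b"%PDF-1.4 fake", maintype="application",
                     subtype="pdf", filename="notes.pdf")
    return m.as_bytes()
```

Archives and macro-bearing documents pass this check untouched, so it covers only the plain executable-attachment case the post describes.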

And how does an average joe judge the situation? How does someone for whom Norton is the holy word of security get the feel of the market?

The average joe only reacts when something serious happens to his computer, and he will ask for advice in his neighborhood.
Then he will install the advised security setup, hopefully keep it up-to-date and never change it until something else happens and so on.
The average user is only interested in work and hobbies, not the boring stuff of security software.

Mrkvonic said:

When you read about a new anti-spyware or something? What is your first reaction? What do you think?

My 1st reaction: "Why did this company re-invent the wheel?" We have already so many AV/AS/AT/AK-scanners.
My 2nd reaction is to check the list of rogue Anti-Malwares.
My 3rd reaction is not to use it, because these NEW scanners can't compete with the existing advanced+ scanners.
My 4th reaction is to read the comments of the users.

Good thread
Good discussion
Everyone will have an opinion.
Devinco: good analysis
So many points to reply to so I'll just offer this: slight tangent

There are obvious quality issues from soft to soft, non-perfect.
You use Spybot as example of possibly "long in the tooth" utility but updated constantly dedicated team and developer support ++ and despite some recent tests downgrading it it still works better than most imo.

Heh: look at latest release of SpySweeper; ****-ups all over the place.

Agree; no single best, but having learnt from here have gained the expertise and experience of all: "community based" protection.

I know what you are getting at but there was an article recently (really) from some "respected" someone or other noting that the flow of malware is now massive.
Administrators and organisations not seeing it because they do not recognise it was the point of the article.
Just think of all the major systems compromised in the last 12 months.
At least that college is recognising one of the greatest risks is human error and have removed that as far as possible from their equation.

If Spam is ~80% of www e-mail, what makes anybody think malware is not up there?

Deep Freeze and the like are the go for static systems but maybe not an option for evolving ones?
Restricting web sites may be fine in the same circumstance but imo is against the ethos of the web.
If all we try and do is build fortresses then they have already won
(heh practical considerations may override philosophy)

My first reaction is...
Why isn't there an independent lab that would have a thorough scientific unbiased test of all the security products?
The companies would pay a yearly fee to be tested twice a year and appear in a commercial security products report that would be published twice a year.

Answer 1: fear. Answer 2: ego.
If the automobile industry can do it with crash testing then so could software!

Could carry the car analogy a little further:
Current cars way better than older ones, do more for equivalent of less; safer ?? sort of, but still a blight. Some idiots will still crash!
Similar to software: feel like surfing with W98 and norton 2001?
Still there is convergence and parallel evolution of current security softs: look alike do same things: we pick what is best in a similar way to buying a car. Doesn't mean a 1950 Mercedes gullwing doesn't rock, just wouldn't take the family for a long trip!

Just think of all the major systems compromised in the last 12 months.

Statistics are useful, as long as one doesn't feel that s/he is necessarily prone to becoming one of them. Old saying: "Just because Miss Pidly's shoes are too tight, why should my feet hurt?"

At least that college is recognising one of the greatest risks is human error and have removed that as far as possible from their equation.

This can be inspiration that it can apply to home users also.

If Spam is ~80% of www e-mail, what makes anybody think malware is not up there?

Agreed, but just because it is "up there" doesn't mean it has to come "down here." Too many ways of avoiding it today, and for that which does get by filters, well, no one is forced to open such stuff.

Someone recently used the Garden of Eden allegory as an example: The snake didn't twist Eve's arm, it tempted/tricked her.

Deep Freeze and the like are the go for static systems but maybe not an option for evolving ones?

Restricting web sites may be fine in the same circumstance but imo is against the ethos of the web.
If all we try and do is build fortresses then they have already won
(heh practical considerations may override philosophy)

I've never thought of it as a fortress situation, rather, one of making choices. If I'm walking downtown and pass an Adult Bookstore, I don't have to go in.

regards,

-rich